On Fri, 31 Aug 2007, Jim Lux wrote:
> At 02:21 PM 8/31/2007, Peter St. John wrote:
>> I'm imagining this system as a computer, and the headaches of its operator
>> (the guy who scripted the worm, maybe) whose million nodes are infested by
>> a million hostile users (the reverse of a user's desktop infested by a
>> worm, is a worm's virtual supercomputer infested by users).
>
> I'm sure that the architect sees the value of the Beowulf mailing list for
> such things. After all, we all like a challenge, right? Heterogenous hardware
> configurations, non-deterministic latency interconnects with an ever changing
> topology, configuration management issues galore. By the time we're done,
> rgb will have to add another chapter to his book on building Beowulfs.

I'm already planning it. The probable chapter title is "Cluster Wars"
since of course this is a >>terror weapon<<. Remember, the internet is
the basis of much commerce. There are any number of tasks one could
assign such a viral bot-cloud cluster for good or evil, but evil (given
the second law of thermodynamics:-) is a lot easier...

Let's see. RSA and DES and MD5 are considered "probably uncrackable" by
anyone with less than NSA-class resources, but of course this bot-cloud
is several orders of magnitude more powerful than NSA's probable setup.
If we go with the gaudy end of the estimate and give it 10^7
node/members, MDA is done -- one can pretty much crack anything one
could have cracked with the old crypt library, even if one can only test
1 password per second per node -- nearly 10^12 passwords a day.
Similarly lots of other problems become tractable to a brute force
search algorithm when you can dispose of order of 20 petaclocks worth
of cycles. (Am I multiplying that out right? 10^7 times 2x10^9 =
2x10^16, 9 is giga, 12 is tera, 15 is peta. Yup. Petacycles.). Brute
force searches require minimal IPCs, although I'm sure there are
interesting problems associated with IPCs and data harvesting when it
has to be done in "stealth" mode and not lead investigators back to you
and when you need to make it robust against nodes dropping out (being
cleaned by their owners) and popping back in (as yet another virus
propagates).

Then there is denial of service. Everybody knows that this is an
attack, but few recognize its potential terror value. Just remember the
>>cost<< of some of the countdown viruses of years past. Some of them
literally shut down the Internet for close to a day -- clogging all the
main arteries and switch points until hosts were run down one at a time
and isolated by their hosting ISPs. The cost of those incidents in real
dollars, lost productivity, and human misery was easily a billion
dollars each (I read estimates that were much higher, but I don't want
to be hyperbolic so let's stay conservative here). A bot-cloud attack
could be far more costly and last far, far longer, in part because if it
were well-designed it could shape-shift every five minutes and vary e.g.
IP number, signature, target. It could also turn on and off at random
times to make it very difficult to track each bot back to its infected
host. If it times itself to take advantage of one of those two-month
long window vulnerabilities (yes, a lot of them last for PLENTY of time
for this to be feasible) so that it can essentially instantly re-infect
a wide class of hosts at will as they are cleansed, it could force the
shutdown of nearly every Windows system in the world until it is
hand-cleaned and patched -- the Internet itself would be useless in
fixing the problem. The cost of such a complete attack would be
staggering -- banking, commerce, education, defense -- all at a
standstill. It would probably trigger a full depression (led of course
by the complete collapse of Microsoft as the full cost of its appalling
and perpetual vulnerability is finally laid bare).

Truthfully, I've been waiting for foreign terror powers to figure this
one out and attempt such an attack, but so far we've been lucky. Bot
driven attacks on individual systems of course happen all the time --
check out the logs of pretty much any server and count the number of
times per day some system in Korea or South America or God Knows Where
tries to probe its way down your ssh ports and standard accounts in
search of an idiot who left in a default password (or put a stupid
password on root). These folks aren't looking for fun, they're looking
for money.

Finally, there is viral spam (which might even be that very foreign
power attack:-). Viral bot-driven spam is ubiquitous, and IMMENSELY
costly. It costs me personally -- AFTER putting all my mail through a
fairly aggressive spam filter -- at least fifteen minutes a day just
hitting the d button on what gets through. That's AFTER filtering 50 MB
a week so I never see it. The cost -- missed messages (filtered
incorrectly) and 2-3% of my net productivity. They're going to cost me
close to a year of my productive life by the time all is said and done.
Multiply that out by hundreds of millions, and SPAM easily costs around
a billion dollars in lost productivity and wasted resources a day.
Sounds like an attack to me...

My own "solution" to this is pretty draconian -- a "final solution" of
sorts. I would legislate an "acceptable use agreement" for the Internet
at the federal level (to be used for state models as well). It would
not be worded to compromise the rights to free speech, it would leave
pornography mostly alone (tempting a prize as that would be to idiot
lawmakers) and would focus strictly on the issues above that are clearly
attacks and which clearly cost a fortune. The law would put individuals
knowingly participating in viral-bot theft of network resources for any
purpose at all in jail -- for theft! What an idea! Fine them 10x the
estimated value of the theft plus its extrapolated cost in lost
productivity (cleanup at $150/hour, anywhere up to millions of dollars
for something that is widely propagated) and then put them in jail for
anywhere from a year for first/minor offenses to twenty years, with an
explicit stipulation that >>they<< will never be permitted an
information processing device or network connection in their jail cell,
no computer, internet, ipod, cell phone, pda.

Push it out there in the form of international treaties. Create a
special branch of the FBI just to deal with the worst cases, create
state BI branches to handle the rank and file, and then go after the
bastards.

And finally, establish some REASONABLE procedure for handling internet
vulnerabilities in a timely way, and provide protection (on the one
hand) for companies and operating systems that demonstrably crush
exposed vulnerabilities within a reasonable time window and >>make
companies that fail to do so liable<< for a crushing class action suit
in the event that they do NOT deal with known threats in (say) two weeks
and four weeks in an exploit costs a hundred thousand users of said
operating system a couple hundred dollars each of wasted time and
productivity and services from local systems people to clean up and
repair their systems.

[Yes, I've been dreaming of this for years, ever since I learned first
hand just how COSTLY a successful crack is within an organization. I've
never spent less than 1-2 DAYS FTE dealing with successful cracks over
the last 20 years, and in some cases just debriefing the crack took a
committee of four or five high end sysadmins and a couple of University
administrators several three hour meetings PLUS all the time required to
actually clean things up -- that one was in our medical center.]

Cluster wars indeed.

>>> So besides preferring to call it a "Virtual Special-purpose (mail-bombing)
> Supercomputer" instead of a "(General purpose) Supercomputer" I'd also be
> skeptical of all performance metrics. If you can't measure the number of
> nodes within an order of magnitude then other metrics are perforce dubious.
>> Well, there IS that, but then, it's more a matter of scale of dubiousness
> rather than whether any sort of single cluster metric is "truth".
>>>>> And I'm pretty sure that Deep Blue could beat it at chess, if someone
>> managed to MPI a chess program on Storm Bot. But I'm sure I can't prove it.
>>> Come on.. someone needs to throw down the gauntlet. Challenge the botnet to a
> smackdown duel. race for pinks* or something.

The gauntlet is down and has been for years. The stormbotnet is already
constantly probing, seeking to grow, seeking to add your nodes to its
supply. Linux nodes are probably "hard" enough that if it doesn't find
something really stupid (open guest accounts, toor as the root password)
it tests for a few holes and then moves on, but I'm sure that it would
love to eat your clusters. And you get to duel whether you want to or
not, and get to pay the cost of duelling whether you want to or not!

The cost is ensuring that you have a "trustworthy" update stream -- Red
Hat's reason for existence, currently. Not using Mosix-like kernels that
get too far behind the production kernels (that are generally VERY
rapidly patched when a vulnerability is discovered). Using only ssh, or
building your rsh-based clusters inside a firewall and hoping to God
that the doorway is never cracked. Running nightly (or even hourly)
monitoring software primed to look for symptoms of a successful crack
and then reading the damn logs! (Hours of wasted sysadmin productivity
right there.) Ditto syslog-ng -- doesn't do you any good unless you use
it AND read the reams of garbage thus produced to look for anomalies.
And then there is the BIG cost when you blink and something slips in and
you've got to do a full reinstall and close the vulnerability, the
extended big cost as you then devote even more of your time keeping up
with security digests and security mailing lists so you can proactively
close the next configurational hole before it is exploited.

It's all shades of William Gibson. As the network continues to get
bigger and faster, as closed source operating systems and networking
device companies like Cisco continue to push the utterly failed paradigm
of security by obscurity, arguing that they are better off not
publishing their sources for open review (which is utter nonsense), as
the network starts to include ever more SMALL devices running SMALL
operating systems with the same vulnerabilities, we'll get closer and
closer to the point where Internet-spanning bot-clouds get a life of
their own.

There is actually a really interesting problem in evolution being played
out here -- at what point will someone drop something out there that is
capable of existing at a level that is tolerated by the host so it is
not immediately obviously sick, that can live in your cell phone, your
PDA, your Linksys WAP where tools to discover it simply do not EXIST,
and that can exchange codons and evolve as it propagates? We're really
close to that already -- some "spyware" is distressingly like this,
living quietly enough on the host and collecting information. Not quite
botware, though. But it is coming.

rgb

>>>>> *impromptu drag racing, winner takes possession of loser's vehicle (i.e.
>> the certificate of ownership, which used to be pink in California (aka pink
>> slip).. now they're a harder to forge rainbow color)
>> http://en.wikipedia.org/wiki/Pink_slip
>
> I like the linked interesting quote from Tony Blair, in re: his pink slip
> (the other kind). Apparently in the UK, there's actually an official form
> (P45) for such things. The wikipedia didn't say if the P45 is pink, though.
> Here in the U.S., we have forms for lots of other things, but not that.
>> This list is so educational, in ways that one cannot even begin to describe.
> Now I have something to talk about with my wife's relatives in Surrey,
> stories about bureaucracy having universal appeal, and much more cheery than
> death and taxes.
>>> James Lux, P.E.
> Spacecraft Radio Frequency Subsystems Group
> Flight Communications Systems Section
> Jet Propulsion Laboratory, Mail Stop 161-213
> 4800 Oak Grove Drive
> Pasadena CA 91109
> tel: (818)354-2075
> fax: (818)393-6875
>> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
--
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
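
The log reading described in the message above (counting ssh probes per source and looking for symptoms of a successful crack), as an added example that is not part of the original post. The OpenSSH-style log lines are constructed, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses come from the
# RFC 5737 documentation ranges, not from real hosts.
SAMPLE_LOG = """\
Aug 31 02:10:01 node0 sshd[811]: Failed password for invalid user guest from 203.0.113.7 port 4101 ssh2
Aug 31 02:10:03 node0 sshd[812]: Failed password for root from 203.0.113.7 port 4102 ssh2
Aug 31 02:10:05 node0 sshd[813]: Failed password for root from 203.0.113.7 port 4103 ssh2
Aug 31 02:10:09 node0 sshd[814]: Accepted password for root from 203.0.113.7 port 4104 ssh2
Aug 31 08:15:40 node0 sshd[901]: Failed password for rgb from 192.0.2.20 port 5100 ssh2
Aug 31 08:15:52 node0 sshd[902]: Accepted publickey for rgb from 192.0.2.20 port 5101 ssh2
Aug 31 09:00:00 node0 sshd[950]: Failed password for invalid user admin from 198.51.100.9 port 6000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (failed logins per source, suspicious logins).

    A login is suspicious when a password is accepted from a source that
    already has at least `threshold` failures: a guessing run that finally
    hit. `threshold` is an assumed tuning value, not a standard.
    """
    failures = defaultdict(int)
    suspicious = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication event
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
        elif m["method"] == "password" and failures[src] >= threshold:
            suspicious.append((src, user, failures[src]))
    return dict(failures), suspicious

if __name__ == "__main__":
    counts, hits = summarize(SAMPLE_LOG)
    for src, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{n:4d} failed logins from {src}")
    for src, user, n in hits:
        print(f"CHECK: password login as {user} from {src} after {n} failures")
```

The key-based login for rgb after a single mistyped password is not flagged; only the password login that follows a run of failures from the same source is.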